sudo policies

To begin this section, we will create a file in /etc/sudoers.d/. This file will store our sudo policy.

  1. The command that we will use is:

touch /etc/sudoers.d/sudo_config

  2. Then we must create a directory in /var/log/, as the subject asks, because each command needs to be logged, both its input and its output. We will use:

mkdir /var/log/sudo

  3. We must edit the file that we created in the first step of this section. Any text editor works, but this guide uses nano, as in every screenshot. Use:

nano /etc/sudoers.d/sudo_config

  4. Once we are editing the file, we must add the following settings:

Defaults  passwd_tries=3
Defaults  badpass_message="Mensaje de error personalizado"
Defaults  logfile="/var/log/sudo/sudo_config"
Defaults  log_input, log_output
Defaults  iolog_dir="/var/log/sudo"
Defaults  requiretty
Defaults  secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

passwd_tries=3: Total number of tries allowed for entering the sudo password.

badpass_message="message": The message shown when the password is wrong.

logfile="/var/log/sudo/sudo_config": Path where the sudo logs will be stored.

log_input, log_output: What will be logged: the input and the output of each command.

iolog_dir="/var/log/sudo": Directory where the input and output logs will be stored.

requiretty: A TTY becomes required to run sudo.

secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin": Directories that sudo is restricted to when looking up commands.
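
As an added example (not part of the original guide), this shell function checks that a sudoers drop-in contains every setting listed above on an active Defaults line, so a commented-out or negated entry such as !requiretty is reported as missing. The names audit_sudo_policy and REQUIRED are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a sudoers drop-in for the Defaults this page configures.
# audit_sudo_policy and REQUIRED are hypothetical names, not part of the guide.

# Settings from the page; each must appear on an active "Defaults" line.
REQUIRED="passwd_tries badpass_message logfile log_input log_output iolog_dir requiretty secure_path"

# audit_sudo_policy FILE
# Prints one line per problem; returns 0 if there are none, 1 otherwise.
audit_sudo_policy() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "unreadable: $file"; return 1; }

    # sudo skips files in an include directory whose name
    # contains a '.' or ends in '~', so the policy would never load.
    case $(basename "$file") in
        *.*|*~) echo "name would be skipped by sudo: $file"; rc=1 ;;
    esac

    # Keep only active Defaults lines; lines starting with '#' are ignored.
    defaults=$(grep -E '^[[:space:]]*Defaults[[:space:]]' "$file" || true)

    for key in $REQUIRED; do
        # The key must follow whitespace or a comma, so "!requiretty"
        # (a negated flag) does not count as the setting being present.
        if ! printf '%s\n' "$defaults" |
            grep -Eq "(^|[[:space:],])${key}([[:space:],=]|\$)"; then
            echo "missing: $key"
            rc=1
        fi
    done
    return $rc
}

# Audit the file named on the command line, if one was given.
if [ -n "${1:-}" ]; then audit_sudo_policy "$1"; fi
```

This only checks that the settings are present; a syntax check with visudo -cf /etc/sudoers.d/sudo_config catches parse errors in the file.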
